Ransomware victim disclosure
← All victimsDUC App
listed as DUC App: Global Money Movement, Sim... · Claimed by Killsecurity · listed 9 months ago
Status timeline
- ListedOct 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- Canada
- Sector
- Technology
- Listed on leak site
- Oct 23, 2025
- Data size
- 600 GB
About the victim
AI dossier — public-source company profileDUC App is a Canadian-based financial technology platform offering global payment services including person-to-person transfers, international mobile top-ups, cryptocurrency transactions, gift cards, and API integrations for e-commerce. It operates across web, iOS, and Android devices, supporting a wide range of payment methods and multiple currencies. The platform has been serving clients since at least 2011 under a legacy brand (Duales) and now operates as DUC App.
- Industry
- Financial Technology (Fintech) / International Money Transfer
Attack summary
Severity: critical — The exfiltrated data includes highly regulated PII at scale (passports, government IDs, home addresses), financial transaction records, and critically, private cryptocurrency wallet keys — which could enable direct theft of funds. This combination of financial, identity, and cryptographic credential data represents a severe risk to a large number of users of a global payments platform.Killsecurity claims to have exfiltrated a broad set of sensitive customer and financial data from DUC App, including personal identification documents, transaction histories, and cryptocurrency wallet keys. The group states that if the company refuses to cooperate, all stolen data will be released publicly.
Data the group says was taken
AI dossier — extracted from the leak post- Home addresses
- Phone numbers
- Email addresses
- Transaction histories
- Public cryptocurrency wallet keys
- Private cryptocurrency wallet keys
- Verified identity documents
- Passports
- Government-issued IDs
What the group claims
DUC App is a leading financial technology platform that empowers individuals and businesses to manage global payments and currency exchange effortlessly. Offering instant transfers, international mobile top-ups, cryptocurrency transactions, and robust API integrations for e-commerce, DUC App delivers a secure, user-friendly experience across web, iOS, and Android devices -- The data includes, but is not limited to, clients' home addresses, phone numbers, transaction histories, email addresses, public and private crypto address keys, verified documents, passports, IDs, and more. If the company refuses to cooperate, we will release all information.
The leak post
captured from the group's siteFounded in 1997, iCare Software, based in the United States, delivers innovative management solutions for childcare and afterschool programs. Serving childcare centers, preschools, afterschool programs, and multi-site operations, iCare automates critical tasks like attendance tracking, staff scheduling, tuition collection, and compliance reporting. Its unique offerings include AI-driven analytics, business intelligence dashboards, and CRM tools to boost enrollment and staff retention. With seamless data migration and robust back-end technology, iCare empowers providers to focus on quality care while streamlining operations and driving growth. Cadorim simplifies money transfers to Mauritania, offering a secure, user-friendly platform for individuals and businesses. With a focus on speed, affordability, and accessibility, Cadorim enables seamless transactions in just three clicks, available around the clock. The company ensures maximum security for every transfer, provides competitive exchange rates with no fees, and processes transactions instantly. Headquartered in Brussels, Belgium, with operations in Nouakchott, Mauritania, Cadorim serves customers seeking reliable, cost-effectiv…
Screenshot of the leak post

Sources
- Victim siteducapp.com
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

